Policing the Internet?


Policymakers worldwide are at loggerheads over how to crack down on cyber-criminals, unlawful content and illegal downloading. But laws have been slow to arrive as legislators try to reconcile fundamental rights and Internet security.

The Internet has become a headache for policymakers struggling to police criminal activity in an intangible web of code that spans territories outside of their jurisdictions.

For example, parliamentarians in the UK have tried to legislate against pornographic images of children on the Internet, but ran into problems when they realised these images were on websites outside their country.

Failing to tackle the problem at a national level, European policymakers have been trying to write laws and create new bodies to make binding decisions about unlawful content and activity online.

Their attempts are highly contested by MEPs and legislators in national parliaments, who fearthat draconian rules on Internet filtering would eventually dilute fundamental freedoms like free speech.

A global solution for illegal downloading is currently being discussed under the banner of the Anti-Counterfeiting Trade Agreement (ACTA), but the high level of secrecy surrounding the global talks has unnerved both businesses and legislators.

Leaks from the talks show that governments want stricter laws to prosecute illegal downloading and filesharing of content. Internet service providers fear that this would change their business models and make them less competitive.

Internet security has become a priority as by 2020, Brussels wants all Europeans to have high-speed broadband.

The EU's Internet security agency, ENISA, works to secure information networks, but at the moment it is largely a hub of expertise with no legal teeth to tackle the issue.

For example, in 2008, the agency released information about how vulnerable mobile communications were to security threats.

Europol is also involved in policing cybercrime. The agency oversees working groups that try to help law enforcement agencies solve cross-border cybercrime like child pornography, for instance.

However, as more and more users put their private information on the Internet via social networking sites, the breeding ground for cybercrime has grown enormously.


Risks emanating from websites like Facebook and MySpace top the list of electronic dangers outlined in a recent report by Sophos, a web security firm. Traditional phishing, email threats and attacks on new devices, such as BlackBerries and iPhones, come next in the ranking of annoyances for digital consumers.

Some countries have well-established units to police the Internet. In the Netherlands, Dutch police set up an Internet Brigade to fight cybercrime and in the UK, the Internet Watch Foundation operates an Internet 'Hotline' for the public and IT professionals to report potentially illegal online content.

In addition, ENISA monitors spam, botnets, phishing, identity theft, route hijacking, instant messaging, peer-to-peer systems, malware on cell phones, hackers in stock markets, software vulnerabilities and lack of protection (e.g. antivirus software) in some devices.

Recognising the lack of legal power at their disposal, in April 2010, EU ministers asked the European Commission to assess whether it should set up a centralised agency on tackling cybercrime to prevent online fraud and child pornography.

In the past, the biggest opponents of a centralised EU body on cybercrime have been the UK, Germany and France, who feared an EU agency would tread on the toes of operations already underway in their own countries.

The European Commission has started work on a new directive for attacks against information systems and plans to present an EU Internal Security Strategy in October 2010, a major component of which will be cyber security.

The EU executive claims that the cost of cybercrime in the EU, at €750 billion annually, vastly exceeds drug trafficking and is equivalent to 1% of global GDP.

As part of its efforts, the Commission is planning to establish a European rapid response system for cyber attacks, including a network of computer emergency response teams (Certs), and wants to boost the role of ENISA.

Piracy on the Internet

Over a million jobs and up to €240 billion in business could be lost in the European Union over the next five years as a result of illegal downloading, according to a new study on Internet piracy by Paris-based consultancy TERA.

Three quarters of illegal shipments stopped by EU customs officials in 2009 were shipped by post or air, suggesting that Internet sales of illegal items have increased, according to an annual report on illegal trade flows published by the European Commission's department for taxation and customs union.

The European Parliament is grappling with the issue of tackling online piracy, with many MEPs insisting that criminalising piracy would be too draconian and would punish people who share files sporadically rather than those who are pirating content en masse and for commercial gain.

France was the first country to propose legislation on the issue, and its law is considered too stringent by many policymakers. The three strikes rule, which would see users disconnected from their networks after being caught downloading content illegally for the third time, is still making its way through the French national parliament.

In early May, Ireland was the first country to introduce a three-strikes policy after its Internet service provider, Eircom, was taken to court by the Irish Recorded Music Association for the level of content that had been illegally downloaded on its network.

The UK government and Internet service providers (ISPs) BT and Talk Talk are currently embroiled in a high court challenge to the country's digital economy bill, which asks them to send letters and even disconnect customers who are downloading illegal content.

The role of Internet service providers in illegal downloading is a hotly debated issue at both an EU and global level. Currently the European Parliament is struggling to understand the implications of ACTA (Anti-Counterfeiting Trade Agreement): global negotiations which, according to leaks, would see ISPs punish customers who have downloaded illegal content.

There are 12 countries involved in the ACTA talks, at which European interests are being represented by negotiators from the European Commission.

Christian Engström, a Swedish Greens/European Free Alliance MEP and a founder member of the Swedish Pirate Party, who has a close eye on the negotiations, recently abandoned talks with the European Commission when he discovered that he was not allowed to share information from ACTA with his fellow legislators.


In 2007, the EU established a high-security portal - called 'Check the Web' - to allow the EU's 27 member states to pool data on Islamist propaganda at the European Police Office (Europol) in The Hague.

Internet service providers and private companies operating on the Web will also likely be increasingly required to collaborate in the fight against terror.

The tougher line on Internet-based propaganda and radicalisation activities stems from an EU Framework Decision on combating terrorism, which was adopted in November 2008.

The document clearly states that "the Internet is used to inspire and mobilise local terrorist networks and individuals in Europe and also serves as a source of information on terrorist means and methods, thus functioning as a virtual training camp".

The European Commission believes that new measures in the pipeline will allow for easy persecutions of the perpetrators and planners of attacks, but also of those who indirectly support terrorism through a variety of means, such as disseminating bomb-making recipes on the Internet.

A new set of measures will be proposed in 2011 on countering radicalisation and recruitment, including Internet-based activity.

Child pornography

In addition, the European Commission wants member states to filter out child pornography from the Internet and impose harsher sentences on human trafficking, but the European Parliament has expressed doubt as to whether new EU laws would be tough enough.

The new rules proposed in March 2010 would block child porn websites from the Internet, prosecute grooming - luring victims via online chat forums - and seek to ensure that abusers cannot re-offend in another EU country.

But the EU faces internal strife from member states on the proposal, with many arguing that Internet filtering will damage free speech by allowing governments to block other forms of undesirable content.

Germany, which said it would block the proposal, argues that banning child pornography altogether would be more sensible than filtering content.

Commenting on new measures to tackle cybercrime, EU Home Affairs Commissioner Cecilia Malmström said "citizens should have the right to know what personal data are kept and exchanged about them".

Commenting on new measures to filter websites carrying child pornography, Commissioner Malmström argued: "If the police can confiscate leaflets, books and videos with child pornography, it should also be able to shut down sites. The Internet is not a safe haven for criminals."

German Justice Minister Sabine Schnarrenberger disagreed with Malmström: "I expect a broad debate in the upcoming discussions in which I shall be representing the principle of 'removing [child porn sites] instead of blocking' and lobbying for as broad support as possible in the Council and in the European Parliament."

Regarding the security risks posed by social networking websites, a paper by the European Network and Information Security Agency concluded: "Users are often not aware of the size or nature of the audience accessing their profile data and the sense of intimacy created by being among digital 'friends' often leads to disclosures which are not appropriate for a public forum. Such commercial and social pressures have led to a number of privacy and security risks for SN members."

The European Commission recently issued a paper which argued for greater scrutiny of terrorist activity online. "Activities of public provocation to commit terrorist offences, recruitment for terrorism and training for terrorism have multiplied at very low cost and risk," stressed the document.

Commenting on Europol's online policing portal 'Check the Web', the agency's head, Max-Peter Ratzel, said: "We allow EU member states to share their responsibilities in checking the web."  

"If you see that a web site is [already being] checked by another country, you can save energy," Ratzel added.

Criticising the secrecy surrounding the ACTA talks, Swedish Greens/European Free Alliance MEP and founder member of the Pirate Party Christian Engström said: "It is disgraceful that MEPs have to rely on unofficial leaks."

"We will try to request the release of these documents so Europe can see that we do what we say and we say what we do," said Luc Devigne from the European Commission's trade unit.

Commenting on "rumours" that ACTA will pave the way for a three-strikes law against piracy, Devigne said "there will be no three strikes, there will be no change to the liability of Internet service providers [and] there will be full respect of data privacy and no provisions on customs searches".

"ETNO is concerned that disproportionate and wide-ranging measures such as filtering or the possibility of disconnecting Internet users could be introduced through the Anti-Counterfeiting Trade Agreement currently negotiated by the EU and the US among others. Such a move would fully contradict users' rights as currently enshrined in EU law and reinforced by the recently adopted EU Telecoms Package," said Michael Bartholomew, director of EU telecoms federation ETNO.

"By creating legal uncertainty for the Internet operators, ACTA will force them to bend under the pressure of entertainment industries. ACTA will compel Internet service providers to filter and remove content and services, turning them into private police and justice auxiliaries," according to Jérémie Zimmermann, spokesperson for citizens' advocacy group La Quadrature du Net.

Marielle Gallo, a French centre-right MEP overseeing legislation on copyright, has said she is in favour of a Spanish draft law which would simply shut down websites caught by a judge for providing illegal downloads to users.

Commenting exclusively for EURACTIV, Veni Markovski, a Bulgarian Internet pioneer, said there were fundamental flaws in the European Commission's Internet policy.

''What we have seen in recent years is that some EU member states have created policies not to ensure more secure Internet, but rather ones that punish end-users,'' he said.

''The so-called 'three-strike rule' does not provide more security, but rather more fear and concerns over users' privacy," he added.

Calling for more cooperation with users, business and governments instead, Markovski gave an example of an alternative being rejected: ''10 years ago, in Bulgaria, Internet operators suggested a working model to the copyright associations, but they rejected it. The model would have brought the copyright holders about 50 million euro for 2009 from Bulgaria alone,'' he said.

''In the fight against online crime, the EU should not sacrifice online freedom for the interests of big software and music producers," he added. 

  • 1 Sep. 2005: European Network and Information Security Agency (ENISA) became fully operational.
  • 29 June 2006: Commission opens consultation on review of telecoms sector.
  • May 2007: Security portal 'Check the Web' established by Europol to monitor terrorism online
  • 13 Nov. 2007: Commission presents telecoms 'package' of reforms (EURACTIV 14/11/07).
  • 29 Apr. 2009: Parliament and Council seal landmark deal on main issues of the telecoms package (EURACTIV 30/04/09).
  • 6 May 2009: In a surprise move, MEPs reject the agreement previously reached with the Council and propose a more rigorous text in defence of Internet users' rights (EURACTIV 7/05/09).
  • 24 Nov. 2009: Final adoption of telecoms package.
  • 29 Mar. 2010: Commission tables proposals to filter out child pornography online.
  • April 2010: EU ministers ask Commission to examine need for centralised cybercrime agency.
  • Oct. 2010: Commission plans to propose new directive for attacks against information systems.
  • 9 Dec. 2010: Deadline for implementation in each member state of Framework Decision on Combating Terrorism including online radicalisation.
  • 2011: Planned communication to counter radicalisation and recruitment.

Subscribe to our newsletters